diff --git a/main/inc/ajax/extra_field.ajax.php b/main/inc/ajax/extra_field.ajax.php index 58dd1a2cb1..9652197925 100755 --- a/main/inc/ajax/extra_field.ajax.php +++ b/main/inc/ajax/extra_field.ajax.php @@ -6,14 +6,26 @@ use Chamilo\CoreBundle\Entity\Tag; require_once __DIR__.'/../global.inc.php'; $action = isset($_GET['a']) ? $_GET['a'] : ''; +$type = isset($_REQUEST['type']) ? $_REQUEST['type'] : null; +$fieldId = isset($_REQUEST['field_id']) ? $_REQUEST['field_id'] : null; switch ($action) { + case 'delete_file': + api_protect_admin_script(); + + $itemId = isset($_REQUEST['item_id']) ? $_REQUEST['item_id'] : null; + $extraFieldValue = new ExtraFieldValue($type); + $data = $extraFieldValue->get_values_by_handler_and_field_id($itemId, $fieldId); + if (!empty($data) && isset($data['id']) && !empty($data['value'])) { + $extraFieldValue->deleteValuesByHandlerAndFieldAndValue($itemId, $data['field_id'], $data['value']); + echo 1; + break; + } + echo 0; + break; case 'get_second_select_options': - $type = isset($_REQUEST['type']) ? $_REQUEST['type'] : null; - $field_id = isset($_REQUEST['field_id']) ? $_REQUEST['field_id'] : null; $option_value_id = isset($_REQUEST['option_value_id']) ? $_REQUEST['option_value_id'] : null; - - if (!empty($type) && !empty($field_id) && !empty($option_value_id)) { + if (!empty($type) && !empty($fieldId) && !empty($option_value_id)) { $field_options = new ExtraFieldOption($type); echo $field_options->get_second_select_field_options_by_field( $option_value_id, @@ -23,9 +35,6 @@ switch ($action) { break; case 'search_tags': header('Content-Type: application/json'); - - $type = isset($_REQUEST['type']) ? $_REQUEST['type'] : null; - $fieldId = isset($_REQUEST['field_id']) ? $_REQUEST['field_id'] : null; $tag = isset($_REQUEST['q']) ? $_REQUEST['q'] : null; $result = []; diff --git a/main/inc/lib/ScheduledAnnouncement.php b/main/inc/lib/ScheduledAnnouncement.php index 67597f3754..996ad869ab 100644 --- a/main/inc/lib/ScheduledAnnouncement.php 
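Review bot: The new `delete_file` case performs a destructive action on any request method and without an anti-CSRF token, so `api_protect_admin_script()` alone does not stop a forged request sent from an administrator's browser session. The delete link built in the `extra_field.lib.php` hunk at `@@ -1989` has the same gap. Restrict the case to POST and verify a session token before calling `deleteValuesByHandlerAndFieldAndValue()`. `$type`, `$fieldId` and `$itemId` also flow straight from `$_REQUEST` into `new ExtraFieldValue($type)` and the lookup; I would add `if (!in_array($type, ExtraField::getValidExtraFieldTypes(), true)) { echo 0; break; }` and cast both ids with `(int)`. The case also echoes `1` without looking at the bool that the method now returns.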
+++ b/main/inc/lib/ScheduledAnnouncement.php @@ -93,13 +93,14 @@ class ScheduledAnnouncement extends Model /** * Returns a Form validator Obj + * @param int $id * @param string $url * @param string $action add, edit * @param array $sessionInfo * * @return FormValidator form validator obj */ - public function returnSimpleForm($url, $action, $sessionInfo = []) + public function returnSimpleForm($id, $url, $action, $sessionInfo = []) { $form = new FormValidator( 'announcement', @@ -111,6 +112,12 @@ class ScheduledAnnouncement extends Model $form->addDateTimePicker('date', get_lang('Date')); $form->addText('subject', get_lang('Subject')); $form->addHtmlEditor('message', get_lang('Message')); + + $extraField = new ExtraField('schedule_announcement'); + $extra = $extraField->addElements($form, $id); + $js = $extra['jquery_ready_content']; + $form->addHtml(" "); + $this->setTagsInForm($form); $form->addCheckBox('sent', null, get_lang('MessageSent')); @@ -241,6 +248,12 @@ class ScheduledAnnouncement extends Model $form->addHtml(''); $form->addText('subject', get_lang('Subject')); $form->addHtmlEditor('message', get_lang('Message')); + + $extraField = new ExtraField('schedule_announcement'); + $extra = $extraField->addElements($form); + $js = $extra['jquery_ready_content']; + $form->addHtml(" "); + $this->setTagsInForm($form); if ($action == 'edit') { 
@@ -252,6 +265,33 @@ class ScheduledAnnouncement extends Model return $form; } + /** + * @param int $id + * @return string + */ + public function getAttachmentToString($id) + { + $file = $this->getAttachment($id); + if (!empty($file) && !empty($file['value'])) { + //$file = api_get_uploaded_web_url('schedule_announcement', $id, basename($file['value'])); + $url = api_get_path(WEB_UPLOAD_PATH).$file['value']; + return get_lang('Attachment').': '.Display::url(basename($file['value']), $url); + } + return ''; + } + + /** + * @param int $id + * @return array + */ + public function getAttachment($id) + { + $extraFieldValue = new ExtraFieldValue('schedule_announcement'); + $attachment = $extraFieldValue->get_values_by_handler_and_field_variable($id, 'attachment'); + + return $attachment; + } + /** * @param int $urlId * @@ -286,8 +326,12 @@ class ScheduledAnnouncement extends Model continue; } + $attachments = $this->getAttachmentToString($result['id']); + self::update(['id' => $result['id'], 'sent' => 1]); + + $subject = $result['subject']; if ($users) { @@ -354,6 +398,7 @@ class ScheduledAnnouncement extends Model ]; $message = str_replace(array_keys($tags), $tags, $message); + $message .= $attachments; MessageManager::send_message( $userInfo['user_id'], diff --git a/main/inc/lib/api.lib.php b/main/inc/lib/api.lib.php index 4f771eac92..02faa4a3a7 100644 --- a/main/inc/lib/api.lib.php +++ b/main/inc/lib/api.lib.php 
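Review bot: `getAttachmentToString()` builds the link as `api_get_path(WEB_UPLOAD_PATH).$file['value']` directly from the stored value with no containment check, while the call to the checked helper is left commented out. Either delete the dead `//$file = api_get_uploaded_web_url(...)` line or route through the helper and return `''` when it yields `false`. The returned HTML is appended to the outgoing message body in the `@@ -354` hunk, so the link text `basename($file['value'])` should be HTML-escaped unless `Display::url()` is confirmed to do that already. Both new docblocks carry only tags; a summary such as `Returns an HTML link to the announcement's attachment, or an empty string when none is stored.` would document the contract.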
@@ -8510,16 +8510,30 @@ function api_upload_file($type, $file, $itemId, $cropParameters = '') * * @return bool */ -function api_get_uploaded_file($type, $itemId, $file) +function api_get_uploaded_web_url($type, $itemId, $file) +{ + return api_get_uploaded_file($type, $itemId, $file, true); +} + +/** + * @param string $type + * @param int $itemId + * @param string $file + * @param bool $getUrl + * + * @return bool + */ +function api_get_uploaded_file($type, $itemId, $file, $getUrl = false) { $itemId = (int) $itemId; $pathId = '/'.substr((string) $itemId, 0, 1).'/'.$itemId.'/'; $path = api_get_path(SYS_UPLOAD_PATH).$type.$pathId; - $file = basename($file); - $file = $path.'/'.$file; - if (file_exists($file)) { + if (Security::check_abs_path($file, $path) && is_file($file) && file_exists($file)) { + if ($getUrl) { + return str_replace(api_get_path(SYS_UPLOAD_PATH), api_get_path(WEB_UPLOAD_PATH), $file); + } return $file; } return false; @@ -8549,8 +8563,9 @@ function api_download_uploaded_file($type, $itemId, $file, $title = '') */ function api_remove_uploaded_file($type, $file) { - $path = api_get_path(SYS_UPLOAD_PATH).$type.'/'.$file; - if (file_exists($path)) { + $typePath = api_get_path(SYS_UPLOAD_PATH).$type; + $path = $typePath.'/'.$file; + if (Security::check_abs_path($path, $typePath) && file_exists($path) && is_file($path)) { unlink($path); } } diff --git a/main/inc/lib/extra_field.lib.php b/main/inc/lib/extra_field.lib.php index 2b30824857..27c56c2df4 100755 --- a/main/inc/lib/extra_field.lib.php +++ b/main/inc/lib/extra_field.lib.php @@ -141,6 +141,9 @@ class ExtraField extends Model case 'survey': $this->extraFieldType = EntityExtraField::SURVEY_FIELD_TYPE; break; + case 'schedule_announcement': + $this->extraFieldType = EntityExtraField::SCHEDULE_ANNOUNCEMENT; + break; } $this->pageUrl = 'extra_fields.php?type='.$this->type; 
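Review bot: After this change `api_get_uploaded_file()` no longer joins `$file` to `$path`, because the two removed lines did that and the new condition tests the raw argument. A caller that passes a bare file name, as the commented-out call in `ScheduledAnnouncement::getAttachmentToString()` does, would presumably fail `Security::check_abs_path()` and always get `false`. I would keep the join ahead of the check, `$file = $path.basename($file);`, and treat the containment test as defence in depth. `$type` is still concatenated into `$path` unvalidated, so the base directory is only as trustworthy as the caller's `$type`. Both docblocks declare `@return bool` although the functions return a path or URL string or `false`, so `@return string|false` is accurate; `file_exists()` is also redundant next to `is_file()`.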
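Review bot: The containment check in `api_remove_uploaded_file()` is measured against `$typePath`, which is itself built from the caller's `$type`, so it constrains `$file` but not `$type`. In the new AJAX delete path `$type` originates from `$_REQUEST['type']`, and whether the `ExtraFieldValue` constructor rejects unknown types is not visible on this page. I would reject anything that is not a plain directory name before building the path, e.g. `if (!preg_match('/^[A-Za-z0-9_]+$/', $type)) { return; }`. Passing `$typePath.'/'` as the base is also worth considering so that a sibling directory sharing the prefix cannot satisfy a prefix comparison, depending on how `check_abs_path()` compares.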
@@ -161,7 +164,7 @@ class ExtraField extends Model */ public static function getValidExtraFieldTypes() { - return [ + $result = [ 'user', 'course', 'session', @@ -175,6 +178,12 @@ class ExtraField extends Model 'user_certificate', 'survey' ]; + + if (api_get_configuration_value('allow_scheduled_announcements')) { + $result[] = 'schedule_announcement'; + } + + return $result; } /** @@ -1655,8 +1664,8 @@ class ExtraField extends Model break; case self::FIELD_TYPE_SELECT_MULTIPLE: $options = []; - foreach ($field_details['options'] as $option_id => $option_details) { - $options[$option_details['option_value']] = $option_details['display_text']; + foreach ($field_details['options'] as $optionDetails) { + $options[$optionDetails['option_value']] = $optionDetails['display_text']; } $form->addElement( 'select', @@ -1951,12 +1960,12 @@ class ExtraField extends Model $form->applyFilter('extra_'.$field_details['variable'], 'stripslashes'); $form->applyFilter('extra_'.$field_details['variable'], 'trim'); - $allowed_picture_types = ['jpg', 'jpeg', 'png', 'gif']; + $allowedPictureTypes = ['jpg', 'jpeg', 'png', 'gif']; $form->addRule( 'extra_'.$field_details['variable'], - get_lang('OnlyImagesAllowed').' ('.implode(',', $allowed_picture_types).')', + get_lang('OnlyImagesAllowed').' ('.implode(',', $allowedPictureTypes).')', 'filetype', - $allowed_picture_types + $allowedPictureTypes ); if ($freezeElement) { 
@@ -1989,14 +1998,45 @@ class ExtraField extends Model array_key_exists($fieldVariable, $extraData) ) { if (file_exists(api_get_path(SYS_UPLOAD_PATH).$extraData[$fieldVariable])) { - $fieldTexts[] = Display::url( - api_get_path(WEB_UPLOAD_PATH).$extraData[$fieldVariable], + $linkToDelete = ''; + $divItemId = $field_details['variable']; + if (api_is_platform_admin()) { + $url = api_get_path(WEB_AJAX_PATH).'extra_field.ajax.php?type='.$this->type; + $url .= '&a=delete_file&field_id='.$field_details['id'].'&item_id='.$itemId; + + $deleteId = $field_details['variable'].'_delete'; + $form->addHtml(" + + "); + + $linkToDelete = ' '.Display::url( + Display::return_icon('delete.png', get_lang('Delete')), + 'javascript:void(0)', + ['id' => $deleteId] + ); + } + $fieldTexts[] = '
'.Display::url( + basename($extraData[$fieldVariable]), api_get_path(WEB_UPLOAD_PATH).$extraData[$fieldVariable], [ 'title' => $field_details['display_text'], 'target' => '_blank' ] - ); + ).$linkToDelete.'
'; } } diff --git a/main/inc/lib/extra_field_value.lib.php b/main/inc/lib/extra_field_value.lib.php index 598562bc0c..b8a681f86c 100755 --- a/main/inc/lib/extra_field_value.lib.php +++ b/main/inc/lib/extra_field_value.lib.php @@ -278,6 +278,10 @@ class ExtraFieldValue extends Model $fileDir = api_get_path(SYS_UPLOAD_PATH).'work/'; $fileDirStored = "work/"; break; + case 'schedule_announcement': + $fileDir = api_get_path(SYS_UPLOAD_PATH).'schedule_announcement/'; + $fileDirStored = 'schedule_announcement/'; + break; } $cleanedName = api_replace_dangerous_char($value['name']); @@ -396,12 +400,11 @@ class ExtraFieldValue extends Model case ExtraField::FIELD_TYPE_DOUBLE_SELECT: case ExtraField::FIELD_TYPE_SELECT_WITH_TEXT_FIELD: if (is_array($value)) { + $value_to_insert = null; if (isset($value['extra_'.$extraFieldInfo['variable']]) && isset($value['extra_'.$extraFieldInfo['variable'].'_second']) ) { $value_to_insert = $value['extra_'.$extraFieldInfo['variable']].'::'.$value['extra_'.$extraFieldInfo['variable'].'_second']; - } else { - $value_to_insert = null; } } break; @@ -982,20 +985,33 @@ class ExtraFieldValue extends Model * @param int $itemId * @param int $fieldId * @param int $fieldValue + * + * @return bool */ public function deleteValuesByHandlerAndFieldAndValue($itemId, $fieldId, $fieldValue) { $itemId = intval($itemId); $fieldId = intval($fieldId); - $fieldValue = Database::escape_string($fieldValue); - $sql = "DELETE FROM {$this->table} + $fieldData = $this->getExtraField()->get($fieldId); + if ($fieldData) { + $fieldValue = Database::escape_string($fieldValue); + + $sql = "DELETE FROM {$this->table} WHERE item_id = '$itemId' AND field_id = '$fieldId' AND value = '$fieldValue' "; - Database::query($sql); + Database::query($sql); + + // Delete file from uploads + if ($fieldData['field_type'] == ExtraField::FIELD_TYPE_FILE) { + api_remove_uploaded_file($this->type, basename($fieldValue)); + } + return true; + } + return false; } /** 
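Review bot: In the `@@ -1989` hunk the delete URL is assembled by concatenating `$this->type`, `$field_details['id']` and `$itemId` with no URL-encoding or integer casts. It is then embedded in the markup handed to `$form->addHtml()`, whose script body is not visible on this page. Build the query with `http_build_query(['type' => $this->type, 'a' => 'delete_file', 'field_id' => (int) $field_details['id'], 'item_id' => (int) $itemId])` and escape the result for the context it is written into. The link text is now `basename($extraData[$fieldVariable])`, a name derived from the uploaded file, so it should be HTML-escaped unless `Display::url()` already does so. The enclosing method starts outside the hunk.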
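Review bot: In `deleteValuesByHandlerAndFieldAndValue()` the file name is taken with `basename($fieldValue)` after `$fieldValue = Database::escape_string($fieldValue)`, so `api_remove_uploaded_file()` receives the SQL-escaped form. That may not match the file on disk when the stored name contains characters the escaper alters; capture it first with `$fileName = basename($fieldValue);` and pass `$fileName` to the removal call. The directory comes from `$this->type`, whereas the save path picks it from a switch (the `@@ -278` hunk shows `work/` and `schedule_announcement/`). For any handler whose directory differs from its type string, the row would be deleted and the file silently left behind. The method also returns `true` without checking the result of `Database::query()`, and the docblock still declares `@param int $fieldValue` for a string value.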
diff --git a/main/inc/lib/model.lib.php b/main/inc/lib/model.lib.php index 184228b866..333bfbf413 100755 --- a/main/inc/lib/model.lib.php +++ b/main/inc/lib/model.lib.php @@ -51,14 +51,15 @@ class Model */ public function delete($id) { - if (empty($id) or $id != strval(intval($id))) { + if (empty($id) || $id != strval(intval($id))) { return false; } $params = ['id = ?' => $id]; if ($this->is_course_model) { - $course_id = api_get_course_int_id(); - $params = ['id = ? AND c_id = ?' => [$id, $course_id]]; + $courseId = api_get_course_int_id(); + $params = ['id = ? AND c_id = ?' => [$id, $courseId]]; } + // Database table definition $result = Database::delete($this->table, $params); if ($result != 1) { diff --git a/main/session/scheduled_announcement.php b/main/session/scheduled_announcement.php index 54a382c999..29afb47937 100644 --- a/main/session/scheduled_announcement.php +++ b/main/session/scheduled_announcement.php @@ -100,6 +100,10 @@ switch ($action) { $res = $object->save($values); if ($res) { + $extraFieldValue = new ExtraFieldValue('schedule_announcement'); + $values['item_id'] = $res; + $extraFieldValue->saveFieldValues($values); + Display::addFlash( Display::return_message( get_lang('ItemAdded'), @@ -122,8 +126,8 @@ switch ($action) { break; case 'edit': // Action handling: Editing - $url = api_get_self().'?action='.Security::remove_XSS($_GET['action']).'&id='.intval($_GET['id']).'&session_id='.$sessionId; - $form = $object->returnSimpleForm($url, 'edit', $sessionInfo); + $url = api_get_self().'?action='.Security::remove_XSS($_GET['action']).'&id='.$id.'&session_id='.$sessionId; + $form = $object->returnSimpleForm($id, $url, 'edit', $sessionInfo); if ($form->validate()) { $values = $form->getSubmitValues(); $values['id'] = $id; 
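Review bot: In the `@@ -122` hunk of `scheduled_announcement.php` the edit URL now interpolates `$id` where it previously used `intval($_GET['id'])`. `$id` is assigned outside the hunk, so the integer cast is no longer visible at the point of use. The same `$url` is sent in `header("Location: $url")` in the following hunk, so either confirm `$id` is cast where it is read or keep the cast inline as `'&id='.(int) $id`. `$sessionId` is concatenated the same way and deserves the same confirmation.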
@@ -131,10 +135,16 @@ switch ($action) { $values['date'] = api_get_utc_datetime($values['date']); $res = $object->update($values); + $extraFieldValue = new ExtraFieldValue('schedule_announcement'); + $values['item_id'] = $id; + $extraFieldValue->saveFieldValues($values); + Display::addFlash(Display::return_message( get_lang('Updated'), 'confirmation' )); + header("Location: $url"); + exit; } $item = $object->get($id); $item['date'] = api_get_local_time($item['date']); @@ -142,7 +152,7 @@ switch ($action) { $content = $form->returnForm(); break; case 'delete': - $object->delete($_GET['id']); + $object->delete($id); $content = $object->getGrid($sessionId); break; default:
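Review bot: `$res = $object->update($values)` is not checked before `saveFieldValues()` runs, the `Updated` flash is queued and the redirect is issued. Assuming `update()` reports failure through its return value, a failed update would still store the attachment and report success. Wrap the new lines in `if ($res) { ... }`, as the add branch does in the `@@ -100` hunk. `saveFieldValues($values)` also handles the uploaded attachment, which is later linked under `WEB_UPLOAD_PATH`; whether file extension and content type are restricted for this new handler is not visible here and is worth confirming.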